Jquis

WTF randsomware infection

By Jquis, in Help, my files are encrypted!

Recommended Posts

Jquis    0

Jquis
Posted

I have a windows server 2012 that has all the files encrypted by the wtf randsomware and I am looking for a Decryptor.

 

i also neeed a protection solution 

 

which emsisoft product can can protect this type of server?

 

has anyone been successful at Decrypting these files.

Share this post

Link to post
Share on other sites

GT500    837

GT500
Posted
16 hours ago, Jquis said:

which emsisoft product can can protect this type of server?

We sell Emsisoft Anti-Malware licenses for server editions of Windows (Server 2008 R2, Server 2012, and Server 2016 are supported):
https://www.emsisoft.com/en/software/antimalwareforserver/

It will offer the protection you are looking for, however you need to make sure that ports for things like RDP are closed in your firewall. No anti-virus is going to be able to protect a system from a remote attacker who has gained access to the local administrator account on a computer via RDP.

 

16 hours ago, Jquis said:

has anyone been successful at Decrypting these files.

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.

Share this post

Link to post
Share on other sites

keiffer    0

keiffer
Posted

Unfortunately it looks like I got hit by this one last night as well. From everything I have found, this is a Cry36 variant. I can't find any decrypters. Seems like my only option at this point is to wipe the server and start from scratch. This means we will lose thousands of irreplaceable family photos. 

Has anyone else found a way to decrypt these files?

Share this post

Link to post
Share on other sites

Acelooc    0

Acelooc
Posted
18 hours ago, keiffer said:

Unfortunately it looks like I got hit by this one last night as well. From everything I have found, this is a Cry36 variant. I can't find any decrypters. Seems like my only option at this point is to wipe the server and start from scratch. This means we will lose thousands of irreplaceable family photos. 

Has anyone else found a way to decrypt these files?

The best way to do is 

 

1: hide your encrypted files somewhere safe

2: be patient

Thats what am i doin now

Share this post

Link to post
Share on other sites

GT500    837

GT500
Posted
On 6/10/2018 at 12:08 PM, Acelooc said:

The best way to do is 

1: hide your encrypted files somewhere safe

2: be patient

Thats what am i doin now

That's essentially correct. Until law enforcement and/or security analysis companies are able to take over the servers run by the criminals and liberate their database of private keys, it won't be possible to make a free decrypter for this ransomware, so waiting is all we can do for now.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.